header-logo
Suggest Exploit
vendor:
HTTP & FTP Server Suite
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: HTTP & FTP Server Suite
Affected Version From: Kukol E.V. HTTP & FTP Server Suite 1.0
Affected Version To: Kukol E.V. HTTP & FTP Server Suite 1.0
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: a:kukol_ev:http_and_ftp_server_suite:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Kukol E.V. HTTP & FTP Server Suite File Disclosure Vulnerability

Kukol E.V. HTTP & FTP Server Suite is vulnerable to a directory traversal attack, which allows a remote attacker to access files outside of the web root directory. This is achieved by using directory traversal sequences in requests, such as '../windows/system.ini'.

Mitigation:

Ensure that web server software is up to date and that all unnecessary services are disabled.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8564/info

The web server component of Kukol E.V. HTTP & FTP Server Suite is prone to a file disclosure vulnerability. Remote web users may use directory traversal sequences in requests to gain access to files outside of the server's web root directory. 

http://www.example.com/../windows/system.ini

Navigation

Suggest Exploit

Services By CQR